Least-Privilege Management for WindowsServers and Desktops

PowerBroker for Windows is a simple, fast and flexible solution for least-privilege management and application control on physical and virtual Microsoft Windows desktops and servers. It enables you to enforce least-privilege policies by removing administrator privileges from users, enforcing Standard User permissions, maintaining application access control, and logging privileged activities. As a result, your organization is protected against internal and external threats, including accidental or intentional misuse of privileged access.

Rely on patented technology that elevates privileges on an as-needed basis, without exposing passwords or hampering productivity

Eliminate the intentional, accidental and indirect misuse of privileges on physical and virtual Microsoft Windows desktops and servers. Block prohibited applications from running and gaining access to Windows assets.

VULNERABILITY-BASED APPLICATION MANAGEMENT (VBAM)

Leverage patented technology to automatically scan applications for vulnerabilities at run time – triggering alerts, reducing application privileges, or preventing launch altogether based on agency or department policy.

Datasheet

Download this overview document containing capabilities, highlights and competitive advantages of our PowerBroker for Windows privilege and session management for Microsoft Windows. PowerBroker for Windows is a simple, fast and flexible solution for privilege management and application control on physical and virtual Microsoft® Windows desktops and servers, helping administrators protect against both internal and external threats, including the accidental or intentional misuse of privileged access.

Documentation

PowerBroker for Windows version 6.7 adds several new features that add business context to security exposures and make it easy to understand, prioritize and communicate privileged access risk within the organization. This document details these features including integration with PowerBroker Password Safe.

Case Study

This specialty insurance provider needed to eliminate the risks to their enterprise by allowing users administrative privileges. By selecting PowerBroker for Windows with BeyondInsight, the system vulnerabilities were resolved without affecting employee productivity.

White Paper

Discusses how application control solutions are designed to block the execution of unauthorized applications and how PowerBroker for Windows is the next-generation solution for application control. When integrated with Windows, application privileges are simply controlled with just a few rules.

White Paper

BeyondTrust has developed patent-pending technology to fuse the risk of vulnerable applications, application control, regulatory compliance, and least privilege into the next generation of endpoint security solutions. This fusion addresses the concerns of whitelisting vulnerable applications and can match application privileges and runtime operations to regulatory compliance requirements based on abstract and industry standard risk concepts.

White Paper

Virtually every organization is being compelled to improve client security. Auditors, regulators and business unit owners all recognize the threat unsecured desktops pose, and understand the need to comply with the myriad of regulatory and governance issues that make today’s headlines.

White Paper

Discusses the goals and challenges of creating a privileged access management program for your Windows desktops and servers in an enterprise environment. Privileged access is a key issue these days, especially on desktops, for which an over-privileged user can be a weapon of destruction on your internal network if they inadvertently download and install malware.

White Paper

As Windows grew to fill roles in larger networks, both the OS and the server products built upon it did not always evolve to include more granular permission structures for administrators. The result has been an industry that, in general, relies on fully-privileged administrator accounts to accomplish even minor administrative tasks. We know it is a poor practice, but what else can we do?

White Paper

AppLocker, which was introduced in Windows 7, provides powerful technology for controlling application execution for enterprises. By implementing AppLocker policy, organizations can better control what applications can install and run on desktops via White Lists and Black Lists, improving security and reducing the risk that malware poses.

White Paper

These seemingly incongruous needs often come to a head on the Windows desktop, which is the main entry point for the user into an enterprise network. In this white paper, I’ll examine this age-old struggle and help you understand how you can find the right balance with something I call "Best Privilege."

White Paper

Curious about how least privilege applies to you and your organization? Let Goldie Locks show you in this new eBook written by Microsoft MVP Derek Melber. In the story, Goldie Locks plays the role of a recent college graduate, with degrees in marketing and multimedia communications, who is just starting her position in marketing for a mid-sized IT company.

White Paper

Microsoft Group Policy MVP, Darren Mar-Elia, expertly discusses the capabilities of Group Policy with respect to security configuration, including a number of new features introduced in Windows 7 & Server 2008-R2; how policy gets delivered and the tattooing nature of security settings; the free Microsoft Security Compliance Manager tool and how it can help you define security baselines based on best-practice templates that can be exported to live GPOs; the challenges of using Group Policy as a security compliance solution, including some best practices; and how 3rd parties are leveraging and extending Group Policy as a tool for delivering new Windows security features.

There are a wide variety of enterprise password management products available in the market – from high availability enterprise solutions to personal desktop tools. These products are delivered by vendors such as BeyondTrust and others like CyberArk, Thycotic, LastPass, and even Apple’s Keychain. The goal of all of these solutions is to simplify the storage,... more

Vormetric Data Security recently released an insider threat report, with research conducted by HarrisPoll and analyzed by Ovum. Based on the survey responses, it is apparent that there is still a great deal of insecurity over data. However, the results also show that there may be misplaced investments to address those insecurities. I will explain... more

In last week’s blog, we talked about how controls and accountability must be put into place so that only the right folks can access data and the systems on which that data resides, and that employing a least privilege model helps to achieve that and more. We’re using conclusions and data from a recent report... more

Part of working in IT means you put in your time “on-call.” Companies either don’t realize there is a better way to allow users to maintain administrative access to endpoints, or they remove admin rights from users but don’t account for the resulting operational inefficiencies. more

Today, we’re excited to announce new releases of both our Retina vulnerability assessment technology and the BeyondInsight risk management platform. Here’s a brief overview of what’s new in BeyondInsight. With the release of BeyondInsight v5.3, BeyondTrust solutions that come equipped with the centralized BeyondInsight management, analytics and reporting console now benefit from several additional platform... more

Application control solutions reduce IT risk by regulating which programs can be launched on desktops, servers and other assets. For instance, application control can help to prevent malware infections and minimize subsequent damage if a malware infection occurs. IT and security leaders have several technology alternatives to consider when seeking to implement application control in their... more

When defining and testing PowerBroker for Windows rules for production or pilots, customers sometimes tell us, “I don’t think this policy / program is working.” This is usually a case of the policy not properly triggering because of the way the rule was created. A unique feature of PowerBroker for Windows compared to other solutions is a client-side... more

There is a reason all BeyondTrust Privileged Account Management (PAM) solutions share the PowerBroker name: They all inherently enable you to reduce user-based risk and can be integrated under a centralized IT risk management platform. Here’s one common use case that demonstrates how this integration changes the playing field. Consider the challenge of privileged access:... more

I have a bone to pick: Stopping an administrator from performing an action on a system is futile endeavor. As an administrator, there is always a way to circumvent a solution’s from tampered protection. Really! By default, Windows administrators have unrestricted access to the system – and even though an application, hardened configuration, or group policy... more

BeyondTrust recognizes that international, multilingual businesses have unique operating challenges, especially when it comes to implementing enterprise software. PowerBroker for Windows is a least-privilege solution often deployed across thousands of systems spanning multiple geographies and protecting users of diverse backgrounds. Earlier this year, PowerBroker for Windows introduces new data privacy features for EMEA and APAC,... more

Retina CS Enterprise Vulnerability Management

Retina Network Security Scanner

Integrated network, web & virtual vulnerability assessment. Retina is the security industry’s most respected and industry-validated security scanner and serves as the engine for our vulnerability management solutions. There is no better option for securing your network from vulnerabilities.

BeyondInsight

Retina Protection Agent

Close the security gap created by systems that can't be reached with remote vulnerability assessments alone with this lightweight agent for local vulnerability assessment, continuous zero-day vulnerability monitoring, and intrusion prevention.